Dangerous Permission Combination

Description

The application grants the `RuntimePermission` of `createClassLoader` or `ReflectPermission` of `suppressAccessChecks`, which can be used to instantiate arbitrary classes or access protected and private members.

Examples

Insecure Code

java

PermissionCollection pc = new Permissions();
RuntimePermission rp = new RuntimePermission("createClassLoader");
pc.add(rp);

Secure Code

java

PermissionCollection pc = new Permissions();
// Remove or restrict the dangerous permission

Remediation

Remove or restrict the dangerous permissions from the permission collection to prevent potential security vulnerabilities.

Rule Details

Field	Value
ID	CODE-0717
Category	AccessControl
Severity	MEDIUM
CWE	CWE-732
Confidence	HIGH
Impact	HIGH
Likelihood	MEDIUM
Exploitability	MODERATE
Tags	permission, access control
OWASP	A5:2017-Broken Access Control, A01:2021-Broken Access Control

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Dangerous Permission Combination

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

SAST Rules

IaC Rules

License Rules

Dangerous Permission Combination ​

Description ​

Examples ​

Insecure Code ​

Secure Code ​

Remediation ​

Rule Details ​

Dangerous Permission Combination

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details